
Re: Segregating VPN traffic

One question:
You said your employer told you that their VPN setup will force all your traffic over their VPN. I would look into how that's done. I know that with OpenVPN the server can "push routes" to the client (see `route`). Ultimately you own your computer and there should be some way for you to override the route that's been pushed to you and only route your work's network address ranges over the VPN gateway. That being said, if the VPN client on your computer aggressively and repeatedly writes its own routes, I think sticking it in its own network namespace is the only way to go.

On Mon, Jul 6, 2020, at 6:24 PM, Christopher Harvey wrote:
> Hi Aaron,
> 
> This is my first time posting on this list. (hello everybody).
> 
> I actually just set this up 2 days ago on my pfSense router at home. My 
> router maintains a connection to my ISP as well as a virtual VPN 
> gateway. You can set up a combination of NAT and iptables to selectively 
> route some internal traffic over the VPN gateway right before it leaves 
> the house based on the IP address of the computer on your network. You 
> can even get fancy and run some programs in separate Linux network 
> namespaces and route certain programs over the VPN gateway without 
> having to route an entire host or VM.
> 
> All this depends on what your router is and what the VPN server software is.
> 
> In my case this post got me 80% of the way there:
> https://forum.netgate.com/topic/65970/solved-routing-some-traffic-static-ips-through-openvpn-over-pia
> 
> It's a little involved, but I didn't even have to open a terminal.
> 
> If you don't want to touch the home router, running all your work 
> programs in a VM with the VPN software is the easiest solution, or you 
> can avoid a VM with Linux network namespaces and SNAT:
> https://medium.com/@havloujian.joachim/advanced-docker-networking-outgoing-ip-921fc3090b09
> 
> I hope that's enough information to pick a solution that works best for 
> you. I can provide more details about a particular setup if you want to 
> know more.
> 
> -Chris
> 
> On Mon, Jul 6, 2020, at 5:57 PM, Aaron Wilcox wrote:
> > I've been using Remmina to log into my work computer via RDP, but 
> > they've decommissioned the old Windows SBS 2011 server and now we will 
> > have to use their VPN to access their network. They have said that this 
> > will result in all of my home computer's internet traffic being routed 
> > through their network, as long as I'm connected to their VPN.
> > 
> > Is there a way to segregate the work-related VPN traffic from my 
> > personal traffic (i.e.: have work-related traffic go through the VPN 
> > connection, and all other traffic go through a connection to my home 
> > ISP)? Could this be done by using a virtual system to connect to the 
> > VPN, while leaving the host connected to my home ISP?
> > 
> > -- 
> > *Aaron Wilcox* *e:* aaron [ dot ] s [ dot ] wilcox [ at ] gmail [ dot ] com
> > *e:* aaron [ dot ] wilcox [ at ] sympatico [ dot ] ca
> 
> To unsubscribe send a blank message to linux+unsubscribe [ at ] linux-ottawa [ dot ] org
> To get help send a blank message to linux+help [ at ] linux-ottawa [ dot ] org
> To visit the archives: https://lists.linux-ottawa.org
> 
>
